Vulnerability: CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.


http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://www.securityfocus.com/bid/23285
http://www.securityfocus.com/archive/1/464592/100/0/threaded
http://www.securityfocus.com/archive/1/464666/100/0/threaded
http://www.securityfocus.com/archive/1/464814/30/7170/threaded
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
http://www.kb.cert.org/vuls/id/704024
http://docs.info.apple.com/article.html?artnum=305391
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
http://www.debian.org/security/2007/dsa-1276
http://security.gentoo.org/glsa/glsa-200704-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757
http://www.redhat.com/support/errata/RHSA-2007-0095.html
http://www.securitytracker.com/id?1017849
http://secunia.com/advisories/24706
http://secunia.com/advisories/24735
http://secunia.com/advisories/24736
http://secunia.com/advisories/24740
http://secunia.com/advisories/24750
http://secunia.com/advisories/24757
http://secunia.com/advisories/24785
http://secunia.com/advisories/24786
http://secunia.com/advisories/24798
http://secunia.com/advisories/24817
http://secunia.com/advisories/24966
http://secunia.com/advisories/25464
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
http://www.ubuntu.com/usn/usn-449-1
http://www.vupen.com/english/advisories/2007/1218
http://www.vupen.com/english/advisories/2007/1250
http://www.vupen.com/english/advisories/2007/1470
http://www.vupen.com/english/advisories/2007/1983
https://exchange.xforce.ibmcloud.com/vulnerabilities/33411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957

